1 /* 2 * Copyright 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security.identity.cts; 18 19 import static org.junit.Assert.assertArrayEquals; 20 import static org.junit.Assert.assertEquals; 21 import static org.junit.Assert.fail; 22 23 import org.junit.Test; 24 import org.junit.runner.RunWith; 25 import org.junit.runners.JUnit4; 26 27 import java.security.GeneralSecurityException; 28 import java.util.Random; 29 30 /* 31 * This is based on https://github.com/google/tink/blob/master/java/src/test/java/com/google 32 * /crypto/tink/subtle/HkdfTest.java 33 * which is also Copyright (c) Google and licensed under the Apache 2 license. 34 */ 35 @RunWith(JUnit4.class) 36 public class HkdfTest { 37 38 static Random sRandom = new Random(); 39 40 /** Encodes a byte array to hex. */ hexEncode(final byte[] bytes)41 static String hexEncode(final byte[] bytes) { 42 String chars = "0123456789abcdef"; 43 StringBuilder result = new StringBuilder(2 * bytes.length); 44 for (byte b : bytes) { 45 // convert to unsigned 46 int val = b & 0xff; 47 result.append(chars.charAt(val / 16)); 48 result.append(chars.charAt(val % 16)); 49 } 50 return result.toString(); 51 } 52 53 /** Decodes a hex string to a byte array. */ hexDecode(String hex)54 static byte[] hexDecode(String hex) { 55 if (hex.length() % 2 != 0) { 56 throw new IllegalArgumentException("Expected a string of even length"); 57 } 58 int size = hex.length() / 2; 59 byte[] result = new byte[size]; 60 for (int i = 0; i < size; i++) { 61 int hi = Character.digit(hex.charAt(2 * i), 16); 62 int lo = Character.digit(hex.charAt(2 * i + 1), 16); 63 if ((hi == -1) || (lo == -1)) { 64 throw new IllegalArgumentException("input is not hexadecimal"); 65 } 66 result[i] = (byte) (16 * hi + lo); 67 } 68 return result; 69 } 70 randBytes(int numBytes)71 static byte[] randBytes(int numBytes) { 72 byte[] bytes = new byte[numBytes]; 73 sRandom.nextBytes(bytes); 74 return bytes; 75 } 76 77 @Test testNullSaltOrInfo()78 public void testNullSaltOrInfo() throws Exception { 79 byte[] ikm = randBytes(20); 80 byte[] info = randBytes(20); 81 int size = 40; 82 83 byte[] hkdfWithNullSalt = Util.computeHkdf("HmacSha256", ikm, null, info, size); 84 byte[] hkdfWithEmptySalt = Util.computeHkdf("HmacSha256", ikm, new byte[0], info, size); 85 assertArrayEquals(hkdfWithNullSalt, hkdfWithEmptySalt); 86 87 byte[] salt = randBytes(20); 88 byte[] hkdfWithNullInfo = Util.computeHkdf("HmacSha256", ikm, salt, null, size); 89 byte[] hkdfWithEmptyInfo = Util.computeHkdf("HmacSha256", ikm, salt, new byte[0], size); 90 assertArrayEquals(hkdfWithNullInfo, hkdfWithEmptyInfo); 91 } 92 93 @Test testInvalidCodeSize()94 public void testInvalidCodeSize() throws Exception { 95 try { 96 Util.computeHkdf("HmacSha256", new byte[0], new byte[0], new byte[0], 32 * 256); 97 fail("Invalid size, should have thrown exception"); 98 } catch (RuntimeException expected) { 99 100 // Expected 101 } 102 } 103 104 /** 105 * Tests the implementation against the test vectors from RFC 5869. 106 */ 107 @Test testVectors()108 public void testVectors() throws Exception { 109 // Test case 1 110 assertEquals( 111 "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf" 112 + "1a5a4c5db02d56ecc4c5bf34007208d5b887185865", 113 computeHkdfHex("HmacSha256", 114 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", 115 "000102030405060708090a0b0c", 116 "f0f1f2f3f4f5f6f7f8f9", 117 42)); 118 119 // Test case 2 120 assertEquals( 121 "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c" 122 + "59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71" 123 + "cc30c58179ec3e87c14c01d5c1f3434f1d87", 124 computeHkdfHex("HmacSha256", 125 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" 126 + "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" 127 + "404142434445464748494a4b4c4d4e4f", 128 "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" 129 + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" 130 + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", 131 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 132 + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" 133 + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 134 82)); 135 136 // Test case 3: salt is empty 137 assertEquals( 138 "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d" 139 + "9d201395faa4b61a96c8", 140 computeHkdfHex("HmacSha256", 141 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", 142 42)); 143 144 // Test Case 4 145 assertEquals( 146 "085a01ea1b10f36933068b56efa5ad81a4f14b822f" 147 + "5b091568a9cdd4f155fda2c22e422478d305f3f896", 148 computeHkdfHex( 149 "HmacSha1", 150 "0b0b0b0b0b0b0b0b0b0b0b", 151 "000102030405060708090a0b0c", 152 "f0f1f2f3f4f5f6f7f8f9", 153 42)); 154 155 // Test Case 5 156 assertEquals( 157 "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe" 158 + "8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e" 159 + "927336d0441f4c4300e2cff0d0900b52d3b4", 160 computeHkdfHex( 161 "HmacSha1", 162 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" 163 + "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" 164 + "404142434445464748494a4b4c4d4e4f", 165 "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" 166 + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" 167 + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", 168 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 169 + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" 170 + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 171 82)); 172 173 // Test Case 6: salt is empty 174 assertEquals( 175 "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0" 176 + "ea00033de03984d34918", 177 computeHkdfHex("HmacSha1", "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", 178 42)); 179 180 // Test Case 7 181 assertEquals( 182 "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5" 183 + "673a081d70cce7acfc48", 184 computeHkdfHex("HmacSha1", "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", "", "", 185 42)); 186 } 187 188 /** 189 * Test version of Hkdf where all inputs and outputs are hexadecimal. 190 */ computeHkdfHex(String macAlgorithm, String ikmHex, String saltHex, String infoHex, int size)191 private String computeHkdfHex(String macAlgorithm, String ikmHex, String saltHex, 192 String infoHex, 193 int size) throws GeneralSecurityException { 194 return hexEncode( 195 Util.computeHkdf(macAlgorithm, hexDecode(ikmHex), hexDecode(saltHex), 196 hexDecode(infoHex), size)); 197 } 198 199 } 200